Error when re-authenticating when organization is enabled

Closes #36249

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor
2025-01-17 12:36:36 -03:00
committed by GitHub
parent 00a45a40e7
commit 676f2a0469
2 changed files with 36 additions and 1 deletions

View File

@@ -314,8 +314,11 @@ public class OrganizationAuthenticator extends IdentityProviderAuthenticator {
return;
}
// user is re-authenticating and there are no organizations to select
// user is re-authenticating, and there are no organizations to select
context.success();
} else {
// user is re-authenticating, there is no organization to process
context.attempted();
}
}

View File

@@ -17,14 +17,17 @@
package org.keycloak.testsuite.organization.authentication;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import java.io.IOException;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource;
import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
@@ -102,4 +105,33 @@ public class OrganizationAuthenticationTest extends AbstractOrganizationTest {
appPage.assertCurrent();
}
}
@Test
public void testForceReAuthenticationBeforeRequiredAction() {
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
UserRepresentation member = addMember(organization);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.loginUsername(member.getEmail());
loginPage.login(memberPassword);
appPage.assertCurrent();
try {
setTimeOffset(10);
oauth.maxAge("1");
oauth.kcAction(RequiredAction.UPDATE_PASSWORD.name());
loginPage.open(bc.consumerRealmName());
loginPage.assertCurrent();
Matcher<String> expectedInfo = is("Please re-authenticate to continue");
assertThat(loginPage.getInfoMessage(), expectedInfo);
loginPage.login(memberPassword);
updatePasswordPage.updatePasswords(memberPassword, memberPassword);
appPage.assertCurrent();
} finally {
resetTimeOffset();
oauth.kcAction(null);
oauth.maxAge(null);
}
}
}